December 15, 2022 By Hanna Linder 2 min read

A cybersecurity attack can be devastating to any company, but improving your software supply chain can significantly minimize your risk of being compromised.

With the rapid increase in the adoption and use of Open Source Software (OSS) in modern application development, it is important to perform additional diligence. All of the components of your software supply chain need a thorough inspection. IBM is collaborating in the OSS ecosystem with other industry leaders and key OSS communities to address a broad range of security issues that have developed over time. These issues have appeared gradually, and it will take time to create new security best practices to address these challenges.

One of the many ways that IBM is collaborating with these OSS communities is by being an active member of the Open Source Security Foundation (OpenSSF), an initiative developed and launched by the Linux Foundation.

The OpenSSF describes itself as “… a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.” IBM is one of the founding members of the organization, and Jamie Thomas, General Manager, Systems Strategy and Development at IBM, serves as a Board Chair at the OpenSSF.

IBM Technology Services

Clients can improve their security posture by leveraging several valuable products and services from IBM. IBM Technology Services provide clients with several options, including open source security vulnerability assessments and risk mitigation assistance.

The IBM Technology Services Open Source Software team has capabilities on many popular community and commercial products supporting business digital transformation and application modernization. We can offer a range of services helping clients to design, deploy and optimize open source technologies.

Security is not a linear or finite journey; rather, it is a continuous, evolving process. Clients need to take a proactive role in addressing their security today, as waiting for a threat to materialize can sometimes be too late.

How do we help our clients address their overall security?

We integrate security into all of our client engagements. When providing a client with OSS services, we make sure that the OSS download site is valid and we verify the Software Bill of Materials (SBOM) when it is available, meaning that any download links we provide are verified that they are valid and safe. In addition, we can also perform vulnerability assessments and mitigations for or with a client as a separate service.

By using IBM Technology Lifecycle Services for Open Source Technology Services, clients can be confident that they are benefiting from a worldwide community that is constantly evaluating for the presence of bugs and critical vulnerabilities. Other important features include focusing on integrating DevSecOps as a key element in software development.

To learn more about how we can help you, contact

Was this article helpful?

More from Cloud

Enhance your data security posture with a no-code approach to application-level encryption

4 min read - Data is the lifeblood of every organization. As your organization’s data footprint expands across the clouds and between your own business lines to drive value, it is essential to secure data at all stages of the cloud adoption and throughout the data lifecycle. While there are different mechanisms available to encrypt data throughout its lifecycle (in transit, at rest and in use), application-level encryption (ALE) provides an additional layer of protection by encrypting data at its source. ALE can enhance…

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

The history of the central processing unit (CPU)

10 min read - The central processing unit (CPU) is the computer’s brain. It handles the assignment and processing of tasks, in addition to functions that make a computer run. There’s no way to overstate the importance of the CPU to computing. Virtually all computer systems contain, at the least, some type of basic CPU. Regardless of whether they’re used in personal computers (PCs), laptops, tablets, smartphones or even in supercomputers whose output is so strong it must be measured in floating-point operations per…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters